I hadn't seen this here yet , but found it very interesting...

http://www.wired.com/news/mac/0,2125,63000,00.html?tw=wn_tophead_2

A Trojan horse, called MP3Concept or MP3Virus.gen, has been discovered that masquerades as an MP3 file.


And is if that wasn't interesting enough...

The Trojan appears to be an ordinary MP3 file. In fact, it will play music if launched from inside a digital jukebox like Apple's iTunes. The song plays and the Trojan isn't activated.


http://www.powerpage.org/cgi-bin/WebObjects/powerpage.woa/wa/story?newsID=11960

I've read a lot about this over the last 12 hours and it appears that Intego is essentially trying scare tactics to sell their software.

thats even more interesting....

but no Trojans exist to go in it yet, so basically Mac OS X is still virus free.

i dont know much abou Macs, is this really true ?

That trojan is an old myth, i even d/l the source for it, which was bogus, this was about a year and a half ago. Old news.

i dont know much abou Macs, is this really true ? [/B]

I have had a Mac for about half a year now, and not once have i been infected. I believe its true. And even if a virus comes out, it won't take Apple long to come up with a cure, you can be sure of that. I just have to say it. Steve Jobs is god compared to Bill Gates :p

What a joke. The reason there are no well known viruses/trojans/worms for MAC's is simple. No one would waste their time trying to infect a fraction of the machines connected to the Inet. What would it give you? Nothing.

BTW-I still have a powerMAC lying around here somewhere, I use it as my boat anchor or, when the boat's in drydock, I use it as a doorstop.

I can hear you aren't very fond of Mac. I don't understand why. About the security thing. I read about this contest, where a Mac server was set up. You could win 10k dollars if you were able to in any way break into it. A month was set off to do it, and tons of people tried. After a month, no one had even gotten close. So they raised the sum of money, and people tried harder. No one got in. Btw it had no firewall or any other kind of protection software.

It has nothing to do with being fond of MAC or not, it's common sense. If you own a fraction of a percent of the market you aren't likely to get hit with much. Security through obscurity.

And one contest does not a secure system make.

I'm neither for or against any system based solely on the name. I personally find the architecture lacking and very little support as far as applications and hardware. It's great for an electronic cookbook or a glorified MP3 player, but that's about the extent, in my opinion.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=256550#post741096) by KorpDeath
What a joke. The reason there are no well known viruses/trojans/worms for MAC's is simple. No one would waste their time trying to infect a fraction of the machines connected to the Inet. What would it give you? Nothing.

BTW-I still have a powerMAC lying around here somewhere, I use it as my boat anchor or, when the boat's in drydock, I use it as a doorstop.

Couldn't agree more, and the same thing applies to some extent to linux systems, although in this case there are a number of experienced guys who do try and fix loopholes.

IMHO, it's going to get very interesting if, and when MS make their systems more secure, which they do seem to be on course to achieving.
Only then will we get a good idea of which OS is more secure, and wait for the bad guys to completely screw MACs ....

The important thing to remember is that OSX is a proprietary OS, like Windows, whereas linux is not. Therefore you are relying on Apple to fix any problems that might occur, which they may not wish to fix, because of the cost involved.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=256550#post741316) by KorpDeath
It has nothing to do with being fond of MAC or not, it's common sense. If you own a fraction of a percent of the market you aren't likely to get hit with much. Security through obscurity.

And one contest does not a secure system make.

I'm neither for or against any system based solely on the name. I personally find the architecture lacking and very little support as far as applications and hardware. It's great for an electronic cookbook or a glorified MP3 player, but that's about the extent, in my opinion.

Mac's are superb systems (in my opinion).
So they dont run the latest windows games who cares?
Macs are great for the people who actually use their computer for WORK.

And yes there will be security issues with macs, but look at Windows, Netware, Linux, BSD, SCO Unix etc, they all have security issues.

The main point I have to make is that Macintoshs are rather well designed (if somewhat speciallised) business computers, and I am rather impressed by the ibook I have.

While the macs only make up 9% of the market share, they are actually used for quite a bit of work that "normal" (aka below average compared to Macs) computers can't handle. Will edit and post links to such sites and testimonials, etc. Not meaning to be offensive btw, but I think MS is good for nothing more than playing really good video games on it (X-Box anyone? great system for games. Man I hope we don't turn this into one big flame war).

But yes, I agree that trying to hack into a Mac is harder to do and there aren't as many out there (although you would have a quick offer from Apple for a job if you ever did. or a warrant if its bad. whatever).


EDIT: Aight heres one site.

http://www.philrussell.com/macfiles/whouses.html

Hello,

Whether it's a Mac, Windows, Linux, Solaris, or whatever, if it is turned on and online, then it is vulnerable.
As mentioned before, Mac's only make up a small percentage and as such they are less of a target. However as the other OS's are tightening up their security, I would imagine good ole Mac will see more assaults upon their OS. How will they react when the attacks begin. Do the have the experience that the other companies have acquired from years of patching? Some good questions. And of course with Mac and all other OS's, hopefully they'll kick some hacker butt! :eek:

cheers

Interesting the way Apple handled this rather massive security loophole.

Apparently, it was reported to them in Feb, but they only released a patch on the 22nd May, due to all the comments flying around the net that explained how to exploit this in practice.

Exactly the way MS did (perhaps still does) work ??

This link http://secunia.com/advisories/11622/ explains the details, and I thought the that the original comment on the 17th May was rather telling:

'NOTE: The rating has been upgraded to "Extremely Critical" because the issues are very easy to exploit and a large number of working exploits are available.'

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=256550#post741096) by KorpDeath
What a joke. The reason there are no well known viruses/trojans/worms for MAC's is simple. No one would waste their time trying to infect a fraction of the machines connected to the Inet. What would it give you? Nothing.

BTW-I still have a powerMAC lying around here somewhere, I use it as my boat anchor or, when the boat's in drydock, I use it as a doorstop.

To Funny, Your probably not kidding either!!!!

Sorry...couldnt resist,and everyone saying that Mac never had any virii bugged me for some strange reason lol..here's a link http://www.icsalabs.com/html/communities/antivirus/macintosh/archives/macvirus/reference/viruses.html

That link is 5 years old :P

I know lol,just couldnt resist the fact that everyone was saying that there wasnt a mav virus ever!:P

well, you guys are somewhat clueless when it comes to macs. the reason virii don't get through is that the email has no real hooks to the system. (outlook / exchange anyone?) to say it isn't done because there are not that many is REALLY ignorant. when the army kept having their (NT) servers hacked, they switched to macs and were secure from then on. if you understand the hacker mentality, then you would know once something gets 'secured' it raises the profile and better hackers go after it.

how many people here have ever hacked into a mac? thought not. go try- don't just talk about how easy it is- SHOW US THE PROOF. if you dont know what you're saying, it is better to say nothing than to make a certain fool of yourself.

cjmarch, I realize that this was your first post and you may be wondering why you got negged (Assigned negative antipoints.) by whoever did it. You got negged for bumping an extremely old thread that has already been discussed, in short, it's old news. If you're new to forums (and even if you're not) you will want to check out the FAQ. You'll find out answers to everything you need to know there! Good luck and welcome to Antionline!

Regards,
Xierox

it is better to say nothing than to make a certain fool of yourself.
Right on the money! Bet you feel like a fool bringin' up this old of a thread, guess you shoulda said nothing?

Anyhoo...

http://secunia.com/advisories/12690/
http://secunia.com/advisories/12575/
http://secunia.com/advisories/12249/
http://secunia.com/advisories/11689/
http://secunia.com/advisories/11622/
http://secunia.com/advisories/11539/
http://secunia.com/advisories/11012/ <-- unpatched!
http://secunia.com/advisories/10959/
http://secunia.com/advisories/10723/
http://secunia.com/advisories/10474/
http://secunia.com/advisories/9535/
http://secunia.com/advisories/8571/
http://secunia.com/advisories/8533/

http://www.securemac.com (I thought macs were secure? How do they stay in buisness!?)

http://www.macworld.com/news/2004/05/17/safari/index.php <-- Safari



well, you guys are somewhat clueless when it comes to macs.
You'll find as you stick around here that the most "secure" people here can secure any os. They will look for 2 things immediately, regardless of what OS they are on.

1. Unnecessary services
2. Updates

Considering that nearly every vulnerability on any OS is reported before the 0-day, it's a safe bet that any patched box is nearly untouchable.

how many people here have ever hacked into a mac? thought not. go try- don't just talk about how easy it is- SHOW US THE PROOF.

The hard part is finding one!

ummm...yeah and you have succesfully used how many of those attacks?

i may be new to the forum but i have hardened solaris before and used trusted. my comment about macs did not mean to imply that a virus cant be written, just that no one here has the skillz to hack a mac. i don't have a mac bias- but if you are talking about why they don't get virii- i just told you. ok, i did not mention the permissions system that controls acces in unix, but i thought that was a given.

once again....who here has hacked a mac. ummm- who knows the difference between a virus and a vulnerability? raise your hand. nobody?

thanks for the welcome xierox. appreciated much.

who knows the difference between a virus and a vulnerability? raise your hand. nobody?

A vulnerability is a flaw or unintended effect of an application or operating system.

A virus is program that is launched when an specific activity occurs. It requires that someone propogate it (e.g., "sneaker net") whereas it's cousin, affectionately known as a worm, propogates on it's own through the use of email or other methods.

cjmarch, there are some of us who are not "clueless" and perhaps making an assumption about who we are isn't necessary.

ok, i did not mention the permissions system that controls acces in unix, but i thought that was a given.

That would assume only OS X. We often forget there is still a large segment that use OS 9 (or earlier) on their old Macs.

Security isn't 100% about the OS. It's is, however, entirely dependent on the mindset of the person who uses that OS. And lastly, there is always a way in. One's ability to "break in" doesn't mean a heck of a lot of the machine we've broken into has a user that doesn't pay attention to security. My SO uses OS X (my macs are too old and I'm too cheap to fork out :D) but he hasn't fully enabled accounts and doesn't quite understand how the permissions work. I can easily get into his system should I choose and if I was feeling rather malicious could easily gain access to anything he access (via some sniffing).

So rather than walking around with a chip on your shoulder with an intent to fight, why not peruse the rest of the forums and see if there are other things that might be worthwhile to help you in your question to make things more secure. :)

The skills required to Mac hack are no different that the skills required to hack anything else. Mac's aren't special. The vulnerabilities I posted are typical of any OS, buffer overflow, DoS, privledge escalation of all sorts... all of which can be replicated easily when given enough detail.

Again, mac's aren't special. And coming from a high school that was 100% Macintosh, I can tell you that they are not inherently secure. I may not have exploited mac's myself, but I have witnessed the results of successful attacks on Mac boxes and networks, because I helped with the network administration at the school.

If you know what you are doing, the OS shouldn't really matter.

Welcome to AO.

so one user, who claims to have hacked a mac, also says they are just as easy to hack as windows. well, really- well informed- you did see the unpatched test where -automated- mechanisms brought down windows in 20 minutes from internet activity. try the same thing with a mac- oh wait- you probably don't really use them, so how COULD you know an unpatched mac could survive a LOT longer (you do at least know os x is based on bsd, right?). i don't recommend running anything unpatched, but the truth is it would be no contest between unpatched mac & win systems. 20 minutes? haha

and what exactly did you use to hack the mac? java & applescript? and how to get it through the firewall / closed port nature of the os? just a couple irrelevant details could go a long way toward validating 'i hack macs'.

AND i did not insult anyone. i pointed out that the links sent 'to me' were ALL VULNERABILITIES- when i was talking about virii. let's keep the facts straight. and keep the antipoints coming- you only show your defensive posture and pettiness.

good day 'gentlemen'.

thanks msmittens,

there are some people who not only know something, but pay attention to what is discussed. thanks to all who welcomed me- and to those who wish to 'discuss vigorously' - i say that is what fuels great sites. hopefully i have found one where the people are passionate and dont mind heated but reasoned discussion.

I for one haven't really used a Mac. Not because I don't want too. You can ask a few people here, I've said before I do in fact WANT too use one.

The price is the only thing stopping me currently. I'm in college again and too broke to afford one.

The REAL reason I want too use one? Not he GUI, not because it's based on BSD, I have BSD boxes here. But because it's another OS and I haven't used it. I have almost 80 OSs now and I can use them all. I want to play in Mac OS. I don't care if it's OS X or System 1, I want too.

The closest I've come is BeOS. (If you know anything of BeOS you'll agree it's got a lot of Mac's qualities).

Heh, just to wind you up, Linux has beaten Mac OS recently. I made a post in the OS forum about it. Heh, very cool.

Anyway, back to my text based adventure in "Update Slackware Land".

I beat the end guy once, he's hard.

Unpatched OS's are irrelevent to this discussion.

http://www.redstonesoftware.com/vnc.html

That is VNC for OS X, it is open source. There is nothing stopping anyone from hacking that into a simple trojan horse. That, coupled with one of the vulnerabilities I posted, is your Mac virus.

pointed out that the links sent 'to me' were ALL VULNERABILITIES- when i was talking about virii.
Vulnerabilities come first, and make/spread a virus. No vulnerabilities, no virus. Except in the case of netsky and bagle, where the user is the vulnerability. ;)

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=256550#post798634) by Soda_Popinsky
No vulnerabilities, no virus. Except in the case of netsky and bagle, where the user is the vulnerability. ;)


That would be because no OS can patch stupidity.